Using a new phishing attack developed by security researcher Sean Cassidy, attackers could gain access to all passwords stored by a user of LastPass, including accounts protected by strong security measures like two-factor authentication.